<?php
if (function_exists('session_start')) session_start();
require '../include/library.inc.php';

require '../include/user_login.inc.php';



$task_id = $_GET["task"];

if($_SESSION['ACCESS_SID'] < 1) redirect(HTML_BASE.$_SESSION["lang"].'/login/');
	 
	if($_SESSION['ACCESS_SID'] == 1) $sql = "SELECT * FROM  tasks
	WHERE task_id = \"".$task_id."\" AND (by_user = '".$_SESSION['USER_SID']."' OR to_user = '".$_SESSION['USER_SID']."')";
	
	if($_SESSION['ACCESS_SID'] == 2)  $sql = "SELECT * FROM  
	tasks AS t,
	law_users AS l
	WHERE 
	t.task_id = '".$task_id."' 
	AND 
	l.law_id = '".$_SESSION['USER_SID']."'
	AND
	l.use_id = t.by_user
	";
	
	$result = query($sql);
	$row_note = mysql_fetch_object($result);
	
	if (!$row_note) redirect(HTML_BASE.$_SESSION["lang"].'/login/');




$path = "../files/"; 
$fullPath = $path.base64_decode($_GET['download_file']);

if ($fd = fopen ($fullPath, "r")) {
    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);
    $ext = strtolower($path_parts["extension"]);
    switch ($ext) {
        case "pdf":
        header("Content-type: application/pdf"); // add here more headers for diff. extensions
        header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
        break;
        default;
        header("Content-type: application/octet-stream");
        header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
    }
    header("Content-length: $fsize");
    header("Cache-control: private"); //use this to open files directly
    while(!feof($fd)) {
        $buffer = fread($fd, 2048);
        echo $buffer;
    }
}
fclose ($fd);
exit;

?>